python icon indicating copy to clipboard operation
python copied to clipboard
verified publisher icon docker-library

Can't connect to HTTPS URL because the SSL module is not available from Buildah

Open anutator opened this issue 1 year ago • 3 comments

Please add openssl package (not only openssl-dev) to python3-alpine

We have errors if we try to use this images (for example add ansible and pip modules):

WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")'

If I test it on virtual machine it works, but it doesn't work from Gitlab. We use Kubernetes gitlab-runner with buildah image to build images from Dockerfile. We didn't have any problems with previous python images (based on Alpine) near 6 months ago. I checked that I found openssl command in the old image and I didn't find it in the new image. We use python image as BASE IMAGE (FROM) in Dockerfile.

If I use your Dockerfile and add openssl, I can build ansible from strach (I add our commands for Ansible building in the end of Dockerfile) with requirements.

anutator avatar Jul 22 '24 22:07 anutator

Do you have a minimal reproducer?

$ docker run -it --rm --pull=always python:alpine sh
alpine: Pulling from library/python
ec99f8b99825: Already exists 
cf61f7829265: Pull complete 
4ebb9be3b501: Pull complete 
d79cbbc17282: Pull complete 
0f29a7b2e9bd: Pull complete 
Digest: sha256:0bd77ae937dce9037e136ab35f41eaf9e012cfd741fc3c8dd4b3e2b63499f12c
Status: Downloaded newer image for python:alpine
/ # pip install requests
Collecting requests
  Downloading requests-2.32.3-py3-none-any.whl.metadata (4.6 kB)
Collecting charset-normalizer<4,>=2 (from requests)
  Downloading charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_x86_64.whl.metadata (33 kB)
Collecting idna<4,>=2.5 (from requests)
  Downloading idna-3.7-py3-none-any.whl.metadata (9.9 kB)
Collecting urllib3<3,>=1.21.1 (from requests)
  Downloading urllib3-2.2.2-py3-none-any.whl.metadata (6.4 kB)
Collecting certifi>=2017.4.17 (from requests)
  Downloading certifi-2024.7.4-py3-none-any.whl.metadata (2.2 kB)
Downloading requests-2.32.3-py3-none-any.whl (64 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 64.9/64.9 kB 6.1 MB/s eta 0:00:00
Downloading certifi-2024.7.4-py3-none-any.whl (162 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 163.0/163.0 kB 10.3 MB/s eta 0:00:00
Downloading charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_x86_64.whl (142 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 142.2/142.2 kB 22.9 MB/s eta 0:00:00
Downloading idna-3.7-py3-none-any.whl (66 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 66.8/66.8 kB 10.5 MB/s eta 0:00:00
Downloading urllib3-2.2.2-py3-none-any.whl (121 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 121.4/121.4 kB 18.2 MB/s eta 0:00:00
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests
Successfully installed certifi-2024.7.4 charset-normalizer-3.3.2 idna-3.7 requests-2.32.3 urllib3-2.2.2
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

[notice] A new release of pip is available: 24.0 -> 24.1.2
[notice] To update, run: pip install --upgrade pip

(no SSL/TLS warnings here!)

tianon avatar Jul 22 '24 23:07 tianon

Do you have a minimal reproducer?

If I reproduce it on virtual machine it works, but it doesn't work from Gitlab. We use Kubernetes gitlab-runner with buildah image to build images from Dockerfile.

anutator avatar Jul 23 '24 00:07 anutator

Must be an issue with Buildah then :grimacing:

tianon avatar Jul 23 '24 16:07 tianon